
Reading Combofix Log



Suspect I'm infected. I ran Malwarebytes Anti-Malware and anti-root wouldn't run at first. Then I ran ComboFix and antiroot ran. When ComboFix ran, I got one error message "Route.3XE is not a valid Win32 application." I believe I'm infected because Windows Update won't run. Here's the log. HALP!!!

 

ComboFix 13-11-04.01 - Owner 11/06/2013   9:39.3.2 - x86
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.2046.1283 [GMT -5:00]
Running from: c:\users\Owner\Desktop\ComboFix.exe
AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton 360 *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2013-10-06 to 2013-11-06  )))))))))))))))))))))))))))))))
.
.
2013-11-06 14:58 . 2013-11-06 14:58    --------    d-----w-    c:\users\Default\AppData\Local\temp
2013-11-06 06:52 . 2012-10-20 02:00    2106216    ----a-w-    c:\program files\Mozilla Firefox\updated\D3DCompiler_43.dll
2013-11-06 06:52 . 2013-11-06 06:53    117360    ----a-w-    c:\program files\Mozilla Firefox\updated\crashreporter.exe
2013-11-06 06:52 . 2013-11-06 06:53    75376    ----a-w-    c:\program files\Mozilla Firefox\updated\breakpadinjector.dll
2013-11-06 06:52 . 2013-11-06 06:53    272496    ----a-w-    c:\program files\Mozilla Firefox\updated\browser\components\browsercomps.dll
2013-11-06 06:52 . 2013-11-06 06:53    20080    ----a-w-    c:\program files\Mozilla Firefox\updated\AccessibleMarshal.dll
2013-11-05 01:20 . 2013-11-05 16:08    --------    d-----w-    c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-11-05 01:11 . 2013-11-05 01:11    75992    ----a-w-    c:\windows\system32\drivers\50D85803.sys
2013-11-05 01:10 . 2013-11-05 01:10    75992    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2013-11-04 18:20 . 2013-11-05 15:49    105176    ----a-w-    c:\windows\system32\drivers\mbamswissarmy.sys
2013-11-02 00:29 . 2013-11-02 00:37    --------    d-----w-    c:\program files\AOL Desktop 9.7a
2013-10-23 15:44 . 2013-10-23 15:44    --------    d-----w-    c:\program files\iPod
2013-10-23 15:44 . 2013-10-23 15:46    --------    d-----w-    c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-10-23 15:44 . 2013-10-23 15:46    --------    d-----w-    c:\program files\iTunes
2013-10-20 13:02 . 2013-10-20 13:02    --------    d-----w-    c:\programdata\Oracle
2013-10-20 13:02 . 2013-10-20 13:02    --------    d-----w-    c:\program files\Common Files\Java
2013-10-20 13:00 . 2013-10-20 13:00    94632    ----a-w-    c:\windows\system32\WindowsAccessBridge.dll
2013-10-09 09:33 . 2013-07-04 11:50    530432    ----a-w-    c:\windows\system32\comctl32.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-10-09 13:37 . 2013-03-01 22:55    692616    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-10-09 13:37 . 2013-03-01 22:55    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-09-07 17:40 . 2010-05-15 00:58    58696    ----a-w-    c:\windows\system32\AOLParconLink.exe
2013-09-07 17:20 . 2013-09-07 17:20    348160    ----a-w-    c:\windows\system32\msvcr71.dll
2013-09-07 17:20 . 2013-09-07 17:20    499712    ----a-w-    c:\windows\system32\msvcp71.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"iCloudServices"="c:\program files\Common Files\Apple\Internet Services\iCloudServices.exe" [2013-09-14 59720]
"ApplePhotoStreams"="c:\program files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2013-09-15 59720]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-10-03 13826664]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1045800]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2009-10-26 1458176]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-15 4874240]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 1821576]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2013-05-01 421888]
"TkBellExe"="c:\program files\real\realplayer\Update\realsched.exe" [2013-08-06 295512]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-10-19 152392]
"HostManager"="c:\program files\Common Files\AOL\1273885025\ee\AOLSoftware.exe" [2010-03-08 41800]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R1 MpKsl5b9e215a;MpKsl5b9e215a;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F4055AD1-529D-4721-8D35-1A1F2E7F88F9}\MpKsl5b9e215a.sys [x]
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-06-03 162408]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-04 22856]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-14 1343400]
S0 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2013-11-05 75992]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\1404000.028\SYMDS.SYS [2013-05-21 367704]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\1404000.028\SYMEFA.SYS [2013-05-23 934488]
S1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.1.2\Definitions\BASHDefs\20131101.003\BHDrvx86.sys [2013-10-22 1096280]
S1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\N360\1404000.028\ccSetx86.sys [2013-04-16 134744]
S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.1.2\Definitions\IPSDefs\20131105.002\IDSvix86.sys [2013-10-28 393816]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\1404000.028\Ironx86.SYS [2013-03-05 175264]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360\1404000.028\SYMNETS.SYS [2013-04-25 339544]
S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2012-08-23 13672]
S2 N360;Norton 360;c:\program files\Norton 360\Engine\20.4.0.40\ccSvcHst.exe [2013-05-21 144368]
S2 NitroDriverReadSpool8;NitroPDFDriverCreatorReadSpool8;c:\program files\Nitro\Pro 8\NitroPDFDriverService8.exe [2013-07-25 196616]
S2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\system32\NLSSRV32.EXE [2013-07-25 69640]
S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\RealNetworks\RealDownloader\rndlresolversvc.exe [2013-04-16 39056]
S3 ATSwpWDF;AuthenTec TruePrint USB WBF WDF Driver;c:\windows\system32\Drivers\ATSwpWDF.sys [2009-12-03 625224]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2013-08-27 108120]
S3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-03-02 139776]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-10-16 12:22    1185744    ----a-w-    c:\program files\Google\Chrome\Application\30.0.1599.101\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-11-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-01 13:37]
.
2013-11-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-08-14 00:14]
.
2013-11-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-08-14 00:14]
.
2013-11-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4235328940-1070465192-1589428986-1000Core.job
- c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2013-08-30 06:10]
.
2013-11-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4235328940-1070465192-1589428986-1000UA.job
- c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2013-08-30 06:10]
.
.
------- Supplementary Scan -------
.

uInternet Settings,ProxyOverride = *.local;<local>
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ze336ga7.default\


FF - ExtSQL: 2013-10-30 09:21; {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}; c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.1.2\coFFPlgn
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
FF - user.js: browser.sessionstore.resume_from_crash - false
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true);user_pref(browser.sessionstore.resume_session_once, true
FF - user.js: browser.sessionstore.resume_session_once - true
FF - user.js: extensions.delta.tlbrSrchUrl -
FF - user.js: extensions.delta.id - 79e297210000000000000013e88663f7
FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
FF - user.js: extensions.delta.instlDay - 15846
FF - user.js: extensions.delta.vrsn - 1.8.21.5
FF - user.js: extensions.delta.vrsni - 1.8.21.5
FF - user.js: extensions.delta.vrsnTs - 1.8.21.521:27
FF - user.js: extensions.delta.prtnrId - delta
FF - user.js: extensions.delta.prdct - delta
FF - user.js: extensions.delta.aflt - babsst
FF - user.js: extensions.delta.smplGrp - none
FF - user.js: extensions.delta.tlbrId - base
FF - user.js: extensions.delta.instlRef - sst
FF - user.js: extensions.delta.dfltLng - en
FF - user.js: extensions.delta.excTlbr - false
FF - user.js: extensions.delta.ffxUnstlRst - true
FF - user.js: extensions.delta.admin - false
FF - user.js: extensions.delta_i.babTrack - affID=119988&tt=gc_190513_215
FF - user.js: extensions.delta_i.babExt -
FF - user.js: extensions.delta_i.srcExt - ss
FF - user.js: extensions.delta.autoRvrt - false
FF - user.js: extensions.delta.rvrt - false
FF - user.js: extensions.delta.newTab - false
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\20.4.0.40\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\20.4.0.40\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-11-06  10:01:38
ComboFix-quarantined-files.txt  2013-11-06 15:01
ComboFix2.txt  2013-11-05 16:51
ComboFix3.txt  2013-11-05 02:08
ComboFix4.txt  2009-10-24 15:04
.
Pre-Run: 22,675,300,352 bytes free
Post-Run: 22,637,207,552 bytes free
.
- - End Of File - - 4815C94A1906E4D87C9E3FDD330129C4
A36C5E4F47E84449FF07ED3517B43A31

 

Thanks!!

 

Tim
 


Hello Tim and :welcome:! My name is Borislav and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.

Please do not run this tool without special supervision and instructions of someone authorized to do so. Otherwise, you could end up with serious problems. For more details, read this article: ComboFix usage, Questions, Help? - Look here

Please follow the instructions here and post your log files:

https://forums.malwarebytes.org/index.php?showtopic=9573


Thanks, Borislav... I ran the quick scan of Malwarebytes Anti-Malware Pro. Here's the log.

 

Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.11.06.02

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Owner :: OWNER-PC [administrator]

Protection: Disabled

11/6/2013 12:19:07 PM
mbam-log-2013-11-06 (12-19-07).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 209522
Time elapsed: 14 minute(s), 37 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

 

Here's DDS.txt:

 

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16514  BrowserJavaVersion: 10.45.2
Run by Owner at 12:40:00 on 2013-11-06
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.2046.790 [GMT -5:00]
.
AV: Norton 360 *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Norton 360\Engine\20.4.0.40\ccSvcHst.exe
C:\Program Files\Nitro\Pro 8\NitroPDFDriverService8.exe
C:\Windows\system32\NLSSRV32.EXE
C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Program Files\Norton 360\Engine\20.4.0.40\ccSvcHst.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\aol\1273885025\ee\aolsoftware.exe
C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Common Files\Apple\Internet Services\APSDaemon.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\Windows\Explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Microsoft Office\Office12\EXCEL.EXE
C:\Program Files\Ipswitch\WS_FTP 12\WsftpCOMHelper.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\real\realplayer\update\realsched.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\notepad.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
.
============== Pseudo HJT Report ===============
.

uURLSearchHooks: {472734EA-242A-422b-ADF8-83D1E48CC825} - <orphaned>
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\programdata\realnetworks\realdownloader\browserplugins\ie\rndlbrowserrecordplugin.dll
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\program files\norton 360\engine\20.4.0.40\coieplg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - c:\program files\norton 360\engine\20.4.0.40\ips\ipsbho.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\norton 360\engine\20.4.0.40\coieplg.dll
uRun: [iCloudServices] c:\program files\common files\apple\internet services\iCloudServices.exe
uRun: [ApplePhotoStreams] c:\program files\common files\apple\internet services\ApplePhotoStreams.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [sMSERIAL] c:\program files\motorola\smserial\sm56hlpr.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [intelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [HostManager] c:\program files\common files\aol\1273885025\ee\AOLSoftware.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

TCP: NameServer = 192.168.1.1
TCP: Interfaces\{2CBB3B9D-E422-406F-8919-F557AC094C6E} : DHCPNameServer = 168.94.0.15 168.94.0.14
TCP: Interfaces\{A3D38AA4-9E4B-4C35-977E-47F1E49E5077} : DHCPNameServer = 192.168.1.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\30.0.1599.101\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\owner\appdata\roaming\mozilla\firefox\profiles\ze336ga7.default\


FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.165\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\nitro\pro 8\npdf.dll
FF - plugin: c:\program files\nitro\pro 8\npnitroie.dll
FF - plugin: c:\program files\nitro\pro 8\npnitromozilla.dll
FF - plugin: c:\program files\nitro\pro 8\NPShellExtension.dll
FF - plugin: c:\program files\real\realplayer\netscape6\nprpplugin.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\programdata\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlchromebrowserrecordext.dll
FF - plugin: c:\programdata\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlhtml5videoshim.dll
FF - plugin: c:\programdata\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlpepperflashvideoshim.dll
FF - plugin: c:\programdata\realnetworks\realdownloader\browserplugins\npdlplugin.dll
FF - plugin: c:\users\owner\appdata\local\google\update\1.3.21.165\npGoogleUpdate3.dll
FF - plugin: c:\users\owner\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\owner\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\users\owner\appdata\roaming\mozilla\plugins\npo1d.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_9_900_117.dll
FF - ExtSQL: 2013-10-30 09:21; {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}; c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_20.1.1.2\coFFPlgn
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
FF - user.js: browser.sessionstore.resume_from_crash - false
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true);user_pref(browser.sessionstore.resume_session_once, true
FF - user.js: browser.sessionstore.resume_session_once - true
FF - user.js: extensions.delta.tlbrSrchUrl -
FF - user.js: extensions.delta.id - 79e297210000000000000013e88663f7
FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
FF - user.js: extensions.delta.instlDay - 15846
FF - user.js: extensions.delta.vrsn - 1.8.21.5
FF - user.js: extensions.delta.vrsni - 1.8.21.5
FF - user.js: extensions.delta.vrsnTs - 1.8.21.521:27:45
FF - user.js: extensions.delta.prtnrId - delta
FF - user.js: extensions.delta.prdct - delta
FF - user.js: extensions.delta.aflt - babsst
FF - user.js: extensions.delta.smplGrp - none
FF - user.js: extensions.delta.tlbrId - base
FF - user.js: extensions.delta.instlRef - sst
FF - user.js: extensions.delta.dfltLng - en
FF - user.js: extensions.delta.excTlbr - false
FF - user.js: extensions.delta.ffxUnstlRst - true
FF - user.js: extensions.delta.admin - false
FF - user.js: extensions.delta_i.babTrack - affID=119988&tt=gc_190513_215
FF - user.js: extensions.delta_i.babExt -
FF - user.js: extensions.delta_i.srcExt - ss
FF - user.js: extensions.delta.autoRvrt - false
FF - user.js: extensions.delta.rvrt - false
FF - user.js: extensions.delta.newTab - false
.
============= SERVICES / DRIVERS ===============
.
R0 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2013-11-4 75992]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\1404000.028\symds.sys [2013-6-13 367704]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\1404000.028\symefa.sys [2013-6-13 934488]
R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_20.1.1.2\definitions\bashdefs\20131101.003\BHDrvx86.sys [2013-11-5 1096280]
R1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\n360\1404000.028\ccsetx86.sys [2013-6-13 134744]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_20.1.1.2\definitions\ipsdefs\20131105.002\IDSvix86.sys [2013-11-5 393816]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\1404000.028\ironx86.sys [2013-6-13 175264]
R1 SymNetS;Symantec Network Security WFP Driver;c:\windows\system32\drivers\n360\1404000.028\symnets.sys [2013-6-13 339544]
R3 ATSwpWDF;AuthenTec TruePrint USB WBF WDF Driver;c:\windows\system32\drivers\ATSwpWDF.sys [2009-12-3 625224]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2013-8-27 108120]
R3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-3-1 139776]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-20 22856]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-6-1 52224]
.
=============== Created Last 30 ================
.
2013-11-06 16:09:48    --------    d-----w-    c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-11-06 16:09:48    --------    d-----w-    c:\program files\iTunes
2013-11-06 16:09:48    --------    d-----w-    c:\program files\iPod
2013-11-06 15:00:47    --------    d-sh--w-    C:\$RECYCLE.BIN
2013-11-06 06:52:58    2106216    ----a-w-    c:\program files\mozilla firefox\D3DCompiler_43.dll
2013-11-06 06:52:57    117360    ----a-w-    c:\program files\mozilla firefox\crashreporter.exe
2013-11-06 06:52:53    75376    ----a-w-    c:\program files\mozilla firefox\breakpadinjector.dll
2013-11-06 06:52:53    272496    ----a-w-    c:\program files\mozilla firefox\browser\components\browsercomps.dll
2013-11-06 06:52:53    20080    ----a-w-    c:\program files\mozilla firefox\AccessibleMarshal.dll
2013-11-05 01:38:47    98816    ----a-w-    c:\windows\sed.exe
2013-11-05 01:38:47    256000    ----a-w-    c:\windows\PEV.exe
2013-11-05 01:38:47    208896    ----a-w-    c:\windows\MBR.exe
2013-11-05 01:20:17    --------    d-----w-    c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-11-05 01:11:16    75992    ----a-w-    c:\windows\system32\drivers\50D85803.sys
2013-11-05 01:10:53    75992    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2013-11-02 00:29:51    --------    d-----w-    c:\program files\AOL Desktop 9.7a
2013-10-20 13:02:52    --------    d-----w-    c:\programdata\Oracle
2013-10-20 13:00:21    94632    ----a-w-    c:\windows\system32\WindowsAccessBridge.dll
2013-10-09 09:33:42    530432    ----a-w-    c:\windows\system32\comctl32.dll
.
==================== Find3M  ====================
.
2013-10-09 13:37:24    692616    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-10-09 13:37:23    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-09-22 10:22:59    1800704    ----a-w-    c:\windows\system32\jscript9.dll
2013-09-22 10:14:39    1427968    ----a-w-    c:\windows\system32\inetcpl.cpl
2013-09-22 10:13:22    1129472    ----a-w-    c:\windows\system32\wininet.dll
2013-09-22 10:08:41    142848    ----a-w-    c:\windows\system32\ieUnatt.exe
2013-09-22 10:06:58    420864    ----a-w-    c:\windows\system32\vbscript.dll
2013-09-22 10:03:18    2382848    ----a-w-    c:\windows\system32\mshtml.tlb
2013-09-14 00:48:58    338944    ----a-w-    c:\windows\system32\drivers\afd.sys
2013-09-08 02:07:12    1294272    ----a-w-    c:\windows\system32\drivers\tcpip.sys
2013-09-08 02:03:58    231424    ----a-w-    c:\windows\system32\mswsock.dll
2013-09-07 17:40:30    58696    ----a-w-    c:\windows\system32\AOLParconLink.exe
2013-09-07 17:20:39    348160    ----a-w-    c:\windows\system32\msvcr71.dll
2013-09-07 17:20:37    499712    ----a-w-    c:\windows\system32\msvcp71.dll
2013-09-04 01:15:32    258560    ----a-w-    c:\windows\system32\drivers\usbhub.sys
2013-09-04 01:14:52    76288    ----a-w-    c:\windows\system32\drivers\usbccgp.sys
2013-09-04 01:14:52    284672    ----a-w-    c:\windows\system32\drivers\usbport.sys
2013-09-04 01:14:45    43008    ----a-w-    c:\windows\system32\drivers\usbehci.sys
2013-09-04 01:14:45    20480    ----a-w-    c:\windows\system32\drivers\usbohci.sys
2013-09-04 01:14:43    24064    ----a-w-    c:\windows\system32\drivers\usbuhci.sys
2013-09-04 01:14:40    6016    ----a-w-    c:\windows\system32\drivers\usbd.sys
2013-08-29 01:51:45    3969472    ----a-w-    c:\windows\system32\ntkrnlpa.exe
2013-08-29 01:51:45    3914176    ----a-w-    c:\windows\system32\ntoskrnl.exe
2013-08-29 01:50:30    1289096    ----a-w-    c:\windows\system32\ntdll.dll
2013-08-29 01:50:16    619520    ----a-w-    c:\windows\system32\tdh.dll
2013-08-29 01:48:17    640512    ----a-w-    c:\windows\system32\advapi32.dll
2013-08-28 01:04:30    2348544    ----a-w-    c:\windows\system32\win32k.sys
2013-08-28 00:57:20    434688    ----a-w-    c:\windows\system32\scavengeui.dll
.
============= FINISH: 12:42:40.03 ===============
 

And Attach.txt:

 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 5/14/2010 9:23:41 AM
System Uptime: 11/5/2013 12:02:00 PM (24 hours ago)
.
Motherboard: Quanta |  | 30CB
Processor: Intel® Core2 Duo CPU     T7500  @ 2.20GHz | U2E1 | 792/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 85 GiB total, 20.924 GiB free.
D: is FIXED (NTFS) - 93 GiB total, 71.132 GiB free.
E: is FIXED (NTFS) - 8 GiB total, 1.774 GiB free.
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: mbr
Device ID: ROOT\LEGACY_MBR\0000
Manufacturer:
Name: mbr
PNP Device ID: ROOT\LEGACY_MBR\0000
Service: mbr
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: WAN Miniport (ATW)
Device ID: ROOT\NET\0001
Manufacturer: America Online, Inc.
Name: WAN Miniport (ATW) #2
PNP Device ID: ROOT\NET\0001
Service: wanatw
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKsl5b9e215a
Device ID: ROOT\LEGACY_MPKSL5B9E215A\0000
Manufacturer:
Name: MpKsl5b9e215a
PNP Device ID: ROOT\LEGACY_MPKSL5B9E215A\0000
Service: MpKsl5b9e215a
.
==== System Restore Points ===================
.
RP1006: 11/5/2013 3:00:21 AM - Windows Update
RP1007: 11/5/2013 11:53:12 AM - Windows Update
RP1008: 11/6/2013 3:00:47 AM - Windows Update
.
==== Installed Programs ======================
.
 Update for Microsoft Office 2007 (KB2508958)
Acrobat.com
Adobe AIR
Adobe Download Assistant
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader XI (11.0.05)
AOL Uninstaller (Choose which Products to Remove)
Apple Application Support
Apple Mobile Device Support
Apple Software Update
BitLord 1.1
Bonjour
Coupon Printer for Windows
D3DX10
Download Updater (AOL LLC)
FileZilla Client 3.6.0.2
Google Chrome
Google Earth Plug-in
Google Talk (remove only)
Google Talk Plugin
Google Update Helper
iCloud
Ipswitch WS_FTP 12
iTunes
Java 7 Update 45
Java Auto Updater
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft IntelliPoint 8.2
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office Live Add-in 1.5
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Motorola SM56 Speakerphone Modem
Mozilla Firefox 25.0 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
Nitro Pro 8
Norton 360
NVIDIA Drivers
OGA Notifier 2.0.0048.0
PVSonyDll
QuickTime
RealDownloader
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealNetworks - Microsoft Visual C++ 2010 Runtime
RealPlayer
Realtek High Definition Audio Driver
RealUpgrade 1.1
RICOH Media Driver
RTC Client API v1.2
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687309) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2827329) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2827330) 32-Bit Edition
Skype™ 6.5
Synaptics Pointing Device Driver
TurboTax 2010 WinBizFedFormset
TurboTax 2010 WinBizReleaseEngine
TurboTax 2010 WinBizTaxSupport
TurboTax 2010 wnjfbpm
TurboTax 2010 wrapper
TurboTax 2011 WinBizFedFormset
TurboTax 2011 WinBizReleaseEngine
TurboTax 2011 WinBizTaxSupport
TurboTax 2011 wnjfbpm
TurboTax 2011 wrapper
TurboTax 2012 WinBizFedFormset
TurboTax 2012 WinBizReleaseEngine
TurboTax 2012 WinBizTaxSupport
TurboTax 2012 wnjfbpm
TurboTax 2012 wrapper
TurboTax Business 2010
TurboTax Business 2011
TurboTax Business 2012
Uninstall AOL Emergency Connect Utility 1.0
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Viewpoint Media Player
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Media Player Firefox Plugin
Yahoo! Messenger
Yahoo! Software Update
.
==== Event Viewer Messages From Past Week ========
.
11/6/2013 9:58:18 AM, Error: Service Control Manager [7030]  - The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
11/6/2013 3:11:13 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Internet Explorer 10 for Windows 7.
11/6/2013 12:35:11 PM, Error: mbamchameleon [61703]  -
11/6/2013 12:05:54 AM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
11/4/2013 8:15:29 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the YahooAUService service.
11/3/2013 12:56:08 PM, Error: Service Control Manager [7001]  - The Computer Browser service depends on the Server service which failed to start because of the following error:  The dependency service or group failed to start.
11/3/2013 12:48:23 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}
11/3/2013 12:48:23 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
11/3/2013 12:47:17 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
11/3/2013 12:47:16 PM, Error: Service Control Manager [7001]  - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error:  The dependency service or group failed to start.
11/3/2013 12:47:14 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
11/3/2013 12:47:06 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
11/3/2013 12:46:59 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
11/3/2013 12:46:46 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  BHDrvx86 ccSet_N360 discache eeCtrl IDSVix86 spldr SRTSPX SymIRON SymNetS Wanarpv6
11/2/2013 7:40:40 PM, Error: Microsoft-Windows-WMPNSS-Service [14332]  - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
10/30/2013 9:01:55 AM, Error: ACPI [13]  - : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.
.
==== End Of File ===========================

Thanks!

Tim


Why do you suspect that your system is infected?

Step 1

Please uninstall the following applications:

BitLord 1.1

Coupon Printer for Windows

Viewpoint Media Player

Step 2

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 3

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Clean.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[s1].txt as well.

In your next reply, post the following log files:

  • Junkware Removal Tool log
  • AdwCleaner log

I suspect my system is infected because Windows Update won't run when I click it in my Start menu, and my Shut down button has the Windows Update shield and tries to update when I shut down, but does not complete the update. And the shield reappears after reboot. When I searched Google, it said malware can cause this issue.

I removed the programs you recommended and ran the programs; the logs are...

JRT.txt:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 7 Professional x86
Ran by Owner on Mon 11/11/2013 at 19:38:19.74
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\dnu.exe
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\yahoopartnertoolbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-4235328940-1070465192-1589428986-1000\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\babylon
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\axmetastream.metastreamctl
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\axmetastream.metastreamctl.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\axmetastream.metastreamctlsecondary
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\axmetastream.metastreamctlsecondary.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\dnupdate
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\dnupdater.downloaduibrowser
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\dnupdater.downloaduibrowser.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\dnupdater.downloadupdcontroller
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\dnupdater.downloadupdcontroller.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\prod.cap
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\au__rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\au__rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\mybabylontb_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\mybabylontb_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\ouask_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\ouask_RASMANCS
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}



~~~ Files

Successfully deleted: [File] C:\Windows\System32\Tasks\goforfilesupdate
Successfully deleted: [File] "C:\Program Files\mozilla firefox\plugins\npdnu.dll"
Successfully deleted: [File] "C:\Program Files\mozilla firefox\plugins\npdnu.xpt"
Successfully deleted: [File] "C:\Program Files\mozilla firefox\plugins\npdnupdater2.dll"
Successfully deleted: [File] "C:\Program Files\mozilla firefox\plugins\npdnupdater2.xpt"



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\babylon"
Successfully deleted: [Folder] "C:\Users\Owner\AppData\Roaming\goforfiles"
Successfully deleted: [Folder] "C:\Users\Owner\appdata\locallow\whitesmoketoolbar"
Successfully deleted: [Folder] "C:\Program Files\Common Files\software update utility"
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{02707817-78D9-4C65-951C-393323E016F0}
Successfully deleted: [Empty Folder] C:\Users\Owner\appdata\local\{F9526762-D44D-43E1-A5A7-553231496407}



~~~ FireFox

Successfully deleted: [File] C:\Users\Owner\AppData\Roaming\mozilla\firefox\profiles\ze336ga7.default\user.js
Successfully deleted: [File] C:\Users\Owner\AppData\Roaming\mozilla\firefox\profiles\3f6nw12b.default\user.js
Successfully deleted: [File] C:\Users\Owner\AppData\Roaming\mozilla\firefox\profiles\ze336ga7.default\invalidprefs.js
Successfully deleted: [File] C:\Users\Owner\AppData\Roaming\mozilla\firefox\profiles\ze336ga7.default\invalidprefs.js
Successfully deleted: [File] C:\Users\Owner\AppData\Roaming\mozilla\firefox\profiles\ze336ga7.default\searchplugins\delta.xml
Successfully deleted: [File] C:\Users\Owner\AppData\Roaming\mozilla\firefox\profiles\3f6nw12b.default\searchplugins\delta.xml
Successfully deleted: [Folder] "C:\Program Files\Mozilla Firefox\extensions\ffxtlbr@babylon.com"
Successfully deleted: [Folder] C:\Users\Owner\AppData\Roaming\mozilla\firefox\profiles\ze336ga7.default\conduitcommon
Successfully deleted the following from C:\Users\Owner\AppData\Roaming\mozilla\firefox\profiles\ze336ga7.default\prefs.js

user_pref("CommunityToolbar.EngineOwner", "");
user_pref("CommunityToolbar.EngineOwnerGuid", "{37483b40-c254-4a72-bda4-22ee90182c1e}");
user_pref("CommunityToolbar.EngineOwnerToolbarId", "nch_en");
user_pref("CommunityToolbar.IsEngineShown", true);
user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);

user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.5.0.12");
user_pref("CommunityToolbar.OriginalEngineOwner", "CT2801948");
user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "{37483b40-c254-4a72-bda4-22ee90182c1e}");
user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "nch_en");

user_pref("CommunityToolbar.ToolbarsList", "CT2801948");
user_pref("CommunityToolbar.ToolbarsList2", "CT2801948");
user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Sun Apr 17 2011 00:31:36 GMT-0400 (Eastern Daylight Time)");
user_pref("CommunityToolbar.alert.alertInfoInterval", 1440);
user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Tue Jun 21 2011 19:07:54 GMT-0400 (Eastern Daylight Time)");

user_pref("CommunityToolbar.alert.locale", "en");
user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
user_pref("CommunityToolbar.alert.loginLastCheckTime", "Tue Jun 21 2011 19:07:45 GMT-0400 (Eastern Daylight Time)");
user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1305622559");
user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);

user_pref("CommunityToolbar.alert.showTrayIcon", false);
user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
user_pref("CommunityToolbar.alert.userId", "6a256b3d-578f-4f3d-9e3c-16a1c794eb2f");
user_pref("CommunityToolbar.globalUserId", "1c33f391-4b03-4320-88c9-23838d09222c");
user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
user_pref("CommunityToolbar.killedEngine", true);
user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Wed Jun 22 2011 19:05:17 GMT-0400 (Eastern Daylight Time)");
user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440);
user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Fri Jun 24 2011 11:43:20 GMT-0400 (Eastern Daylight Time)");

user_pref("CommunityToolbar.notifications.locale", "en");
user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Fri Jun 24 2011 11:43:11 GMT-0400 (Eastern Daylight Time)");
user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1305622559");
user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);

user_pref("CommunityToolbar.notifications.showTrayIcon", false);
user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
user_pref("CommunityToolbar.notifications.userId", "5527ddd2-b923-4c7f-82b2-83a489e40c53");
user_pref("CommunityToolbar.undefined", "");

user_pref("extensions.delta.admin", false);
user_pref("extensions.delta.aflt", "babsst");
user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
user_pref("extensions.delta.autoRvrt", "false");
user_pref("extensions.delta.dfltLng", "en");
user_pref("extensions.delta.excTlbr", false);
user_pref("extensions.delta.ffxUnstlRst", true);
user_pref("extensions.delta.id", "79e297210000000000000013e88663f7");
user_pref("extensions.delta.instlDay", "15846");
user_pref("extensions.delta.instlRef", "sst");
user_pref("extensions.delta.newTab", false);
user_pref("extensions.delta.prdct", "delta");
user_pref("extensions.delta.prtnrId", "delta");
user_pref("extensions.delta.rvrt", "false");
user_pref("extensions.delta.smplGrp", "none");
user_pref("extensions.delta.tlbrId", "base");
user_pref("extensions.delta.tlbrSrchUrl", "");
user_pref("extensions.delta.vrsn", "1.8.21.5");
user_pref("extensions.delta.vrsnTs", "1.8.21.521:27:45");
user_pref("extensions.delta.vrsni", "1.8.21.5");
user_pref("extensions.delta_i.babExt", "");
user_pref("extensions.delta_i.babTrack", "affID=119988&tt=gc_190513_215");
user_pref("extensions.delta_i.srcExt", "ss");
user_pref("extensions.engine@conduit.com.install-event-fired", true);
user_pref("extensions.searchtoolbar@zugo.com.install-event-fired", true);

user_pref("google.toolbar.search-icon", "data:image/x-icon;base64,AAABAAEAEBAAAAEAIABoBAAAFgAAACgAAAAQAAAAIAAAAAEAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA7PT7/3zF6/9Ptu//RbHx/
Successfully deleted the following from C:\Users\Owner\AppData\Roaming\mozilla\firefox\profiles\3f6nw12b.default\prefs.js

user_pref("google.toolbar.search-icon", "data:image/x-icon;base64,AAABAAEAEBAAAAEAIABoBAAAFgAAACgAAAAQAAAAIAAAAAEAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA7PT7/3zF6/9Ptu//RbHx/
Emptied folder: C:\Users\Owner\AppData\Roaming\mozilla\firefox\profiles\ze336ga7.default\minidumps [201 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 11/11/2013 at 19:43:22.69
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

Adw Cleaner:

 

# AdwCleaner v3.012 - Report created 11/11/2013 at 19:45:48
# Updated 11/11/2013 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (32 bits)
# Username : Owner - OWNER-PC
# Running from : C:\Users\Owner\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\NCH Software
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BitLord
Folder Deleted : C:\Program Files\NCH Software
Folder Deleted : C:\Users\Owner\AppData\Roaming\ExpressFiles
Folder Deleted : C:\Users\Owner\AppData\Roaming\NCH Software
Folder Deleted : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\3f6nw12b.default\StumbleUpon
Folder Deleted : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ze336ga7.default\Conduit
Folder Deleted : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ze336ga7.default\CT2801948
Folder Deleted : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\3f6nw12b.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
Folder Deleted : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ze336ga7.default\Extensions\{37483b40-c254-4a72-bda4-22ee90182c1e}
File Deleted : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ze336ga7.default\bProtector_extensions.rdf
File Deleted : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\3f6nw12b.default\invalidprefs.js
File Deleted : C:\Windows\System32\Tasks\Express FilesUpdate

***** [ Shortcuts ] *****


***** [ Registry ] *****

[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{5CD96ADB-AC3A-4E33-8251-C066C0EE728B}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5CD96ADB-AC3A-4E33-8251-C066C0EE728B}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{AE4F4D3A-0C41-4676-91E3-848440466545}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AE4F4D3A-0C41-4676-91E3-848440466545}
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ClickPotatoLiteSA_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ClickPotatoLiteSA_RASMANCS
Key Deleted : HKLM\SOFTWARE\5cf8bdbbd3bee40
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\ExpressFiles
Key Deleted : HKCU\Software\NCH Software
Key Deleted : HKLM\Software\ExpressFiles
Key Deleted : HKLM\Software\NCH Software
Key Deleted : HKLM\Software\Viewpoint
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16514


-\\ Mozilla Firefox v25.0 (en-US)

[ File : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\3f6nw12b.default\prefs.js ]


[ File : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ze336ga7.default\prefs.js ]

Line Deleted : user_pref("CT2801948..clientLogIsEnabled", false);
Line Deleted : user_pref("CT2801948.CTID", "CT2801948");
Line Deleted : user_pref("CT2801948.CurrentServerDate", "24-6-2011");
Line Deleted : user_pref("CT2801948.DialogsAlignMode", "LTR");
Line Deleted : user_pref("CT2801948.DialogsGetterLastCheckTime", "Wed Jun 22 2011 19:09:09 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT2801948.DownloadReferralCookieData", "");
Line Deleted : user_pref("CT2801948.EMailNotifierPollDate", "Fri Jun 24 2011 11:43:11 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT2801948.FirstServerDate", "3-2-2011");
Line Deleted : user_pref("CT2801948.FirstTime", true);
Line Deleted : user_pref("CT2801948.FirstTimeFF3", true);
Line Deleted : user_pref("CT2801948.FixPageNotFoundErrors", true);
Line Deleted : user_pref("CT2801948.GroupingServerCheckInterval", 1440);
Line Deleted : user_pref("CT2801948.HasUserGlobalKeys", true);
Line Deleted : user_pref("CT2801948.HomePageProtectorEnabled", false);
Line Deleted : user_pref("CT2801948.Initialize", true);
Line Deleted : user_pref("CT2801948.InitializeCommonPrefs", true);
Line Deleted : user_pref("CT2801948.InstallationAndCookieDataSentCount", 3);
Line Deleted : user_pref("CT2801948.InstallationType", "UnknownIntegration");
Line Deleted : user_pref("CT2801948.InstalledDate", "Wed Feb 02 2011 20:31:10 GMT-0500 (Eastern Standard Time)");
Line Deleted : user_pref("CT2801948.InvalidateCache", false);
Line Deleted : user_pref("CT2801948.IsAlertDBUpdated", true);
Line Deleted : user_pref("CT2801948.IsGrouping", false);
Line Deleted : user_pref("CT2801948.IsMulticommunity", false);
Line Deleted : user_pref("CT2801948.IsOpenThankYouPage", true);
Line Deleted : user_pref("CT2801948.IsOpenUninstallPage", true);
Line Deleted : user_pref("CT2801948.LanguagePackLastCheckTime", "Fri Jun 24 2011 11:43:12 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT2801948.LanguagePackReloadIntervalMM", 1440);
Line Deleted : user_pref("CT2801948.LastLogin_3.2.5.2", "Wed Feb 02 2011 20:31:10 GMT-0500 (Eastern Standard Time)");
Line Deleted : user_pref("CT2801948.LastLogin_3.5.0.12", "Fri Jun 24 2011 11:43:11 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT2801948.LatestVersion", "3.3.5.1");
Line Deleted : user_pref("CT2801948.Locale", "en-us");
Line Deleted : user_pref("CT2801948.MCDetectTooltipHeight", "83");

Line Deleted : user_pref("CT2801948.MCDetectTooltipWidth", "295");
Line Deleted : user_pref("CT2801948.MyStuffEnabledAtInstallation", true);
Line Deleted : user_pref("CT2801948.RadioIsPodcast", false);
Line Deleted : user_pref("CT2801948.RadioLastCheckTime", "Fri Jun 24 2011 11:43:12 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT2801948.RadioLastUpdateIPServer", "3");
Line Deleted : user_pref("CT2801948.RadioLastUpdateServer", "129307496595170000");
Line Deleted : user_pref("CT2801948.RadioMediaID", "21435220");
Line Deleted : user_pref("CT2801948.RadioMediaType", "Media Player");
Line Deleted : user_pref("CT2801948.RadioMenuSelectedID", "EBRadioMenu_CT280194821435220");
Line Deleted : user_pref("CT2801948.RadioShrinkedFromSetup", false);
Line Deleted : user_pref("CT2801948.RadioStationName", "Virgin%20Radio%20Classic%20Rock");

Line Deleted : user_pref("CT2801948.SearchEngineBeforeUnload", "Bing");
Line Deleted : user_pref("CT2801948.SearchFromAddressBarIsInit", true);
Line Deleted : user_pref("CT2801948.SearchInNewTabEnabled", true);
Line Deleted : user_pref("CT2801948.SearchInNewTabIntervalMM", 1440);
Line Deleted : user_pref("CT2801948.SearchInNewTabLastCheckTime", "Fri Jun 24 2011 11:43:11 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT2801948.SearchInNewTabUserEnabled", false);
Line Deleted : user_pref("CT2801948.SearchProtectorEnabled", false);
Line Deleted : user_pref("CT2801948.SearchProtectorToolbarDisabled", false);
Line Deleted : user_pref("CT2801948.ServiceMapLastCheckTime", "Fri Jun 24 2011 11:43:11 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT2801948.SettingsLastCheckTime", "Fri Jun 24 2011 11:43:11 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT2801948.SettingsLastUpdate", "1306530423");
Line Deleted : user_pref("CT2801948.ThirdPartyComponentsInterval", 504);
Line Deleted : user_pref("CT2801948.ThirdPartyComponentsLastCheck", "Wed Jun 22 2011 19:05:13 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT2801948.ThirdPartyComponentsLastUpdate", "1246790578");
Line Deleted : user_pref("CT2801948.ToolbarShrinkedFromSetup", false);
Line Deleted : user_pref("CT2801948.UserID", "UN83782084230460140");
Line Deleted : user_pref("CT2801948.WeatherNetwork", "");
Line Deleted : user_pref("CT2801948.WeatherPollDate", "Wed Feb 02 2011 20:31:10 GMT-0500 (Eastern Standard Time)");
Line Deleted : user_pref("CT2801948.WeatherUnit", "F");
Line Deleted : user_pref("CT2801948.alertChannelId", "1194029");

Line Deleted : user_pref("CT2801948.globalFirstTimeInfoLastCheckTime", "Fri Jun 24 2011 11:43:12 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT2801948.homepageProtectorEnableByLogin", true);
Line Deleted : user_pref("CT2801948.initDone", true);
Line Deleted : user_pref("CT2801948.isAppTrackingManagerOn", true);
Line Deleted : user_pref("CT2801948.isFirstRadioInstallation", false);
Line Deleted : user_pref("CT2801948.myStuffEnabled", true);
Line Deleted : user_pref("CT2801948.myStuffPublihserMinWidth", 400);
Line Deleted : user_pref("CT2801948.myStuffServiceIntervalMM", 1440);
Line Deleted : user_pref("CT2801948.oldAppsList", "129306881620344305,129306881621438061,111,129306881624250628,129306881624563129,129343840936544328,129311959839444431,129306881632844577,1000082,129311958650656383,[...]
Line Deleted : user_pref("CT2801948.searchProtectorDialogDelayInSec", 10);
Line Deleted : user_pref("CT2801948.searchProtectorEnableByLogin", true);
Line Deleted : user_pref("CT2801948.testingCtid", "");
Line Deleted : user_pref("CT2801948.toolbarAppMetaDataLastCheckTime", "Fri Jun 24 2011 11:43:12 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT2801948.toolbarContextMenuLastCheckTime", "Wed Jun 22 2011 19:05:17 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT2801948.usagesFlag", 1);

Line Deleted : user_pref("FirstSearch.aol_toolbar.search.hasDoneFirst", 1);
Line Deleted : user_pref("extensions.enabledItems", "{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3,{3112ca9c-de6d-4884-a869-9855de68056c}:7.1.20101113Wb1,{ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1,{CAFEEFAC-0016-0[...]
Line Deleted : user_pref("plugin.blocklisted.npviewpoint", true);

-\\ Google Chrome v30.0.1599.101

[ File : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [13927 octets] - [11/11/2013 19:44:30]
AdwCleaner[s0].txt - [14206 octets] - [11/11/2013 19:45:48]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [14267 octets] ##########
 

Thank you,

 

Tim


Please scan your machine with ESET OnlineScan

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.

    ESET OnlineScan

  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer.

      Save it to your Desktop.

    • Double click on the esetsmartinstaller_enu.exe icon on your Desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under Scan Settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

I ran ESET and it found two items. After I rebooted, I tried to open Windows Update and it's still not loading. Log below:

 

C:\AOL Instant Messenger\AIM.exe    Win32/Adware.WBug.A application    cleaned by deleting - quarantined
C:\Users\Owner\Desktop\FreeAllInOneMediaPlayerSetup.exe    Win32/MyPCBackup.A application    cleaned by deleting - quarantined
 

Thanks!

 

Tim


  • 4 weeks later...
  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
